Reversing its earlier stance, Microsoft has acknowledged that a
security hole found in its Office 97 application suite also affects its
newer Office 2000 package.

The security flaw, first reported last month, is related to the
company's data access software, called Jet, and is found in the company's
Excel 97 program, a popular component of Office 97.

The hole allows code contained in an Excel 97 worksheet, hidden in a Web
page or sent via email, to plant viruses, delete data, or read files,
according to the programmer who discovered the problem, Juan Carlos Garcia
Cuartango, an engineer in Spain. Cuartango posted a message about the flaw
to the NTBugTraq mailing list and
also notified Microsoft.

At the time, Microsoft officials
said that the hole did not affect Office 2000, which uses a newer version of
Jet.

Today, a Microsoft representative said that the
company's programmers have found a similar vulnerability in Office 2000. According to Microsoft, the Office 2000 flaw is slightly different, but is also tied to Jet and can also be exploited via Excel to perform malicious acts. The flaw was first found by Cuartango and reported by the New York Times.

Microsoft is expected today to release both a bulletin detailing the
security flaw and a software patch. The company recommends that all Office 2000, Office 97, Excel 2000, and Excel 97 users update their systems using the patch. Both will be available from Microsoft's Office Update Web site.

Due to the complexity in which Jet interacts with other Microsoft
applications, security experts have said they would prefer that the company
take the time to get a patch right before issuing a fix.

Jet is used in several Microsoft products, including its Exchange messaging
server and is the default database used with the company's popular Visual
Basic development tool. Jet can also be used with other Microsoft
development tools, such as Visual C++. It is also used by third-party
software providers.